Ferrari receives ransom demand from hackers
Fallout from Latitude hack continues
German and South Korean Authorities Alert of Kimsuky's Growing Cyber Assault Techniques
This week, Google unveiled a Chrome 111 update addressing eight security issues, featuring seven high-severity memory safety vulnerabilities identified by independent researchers.
These externally reported flaws include four use-after-free vulnerabilities, which could potentially result in arbitrary code execution, data corruption, or denial of service.
The most critical vulnerability, CVE-2023-1528, is a use-after-free flaw in Chrome's Passwords component, as evidenced by the substantial bug bounty reward of $10,000.
The password leak detection dialog is concealed before presenting the account selector, implying that the password leak detection dialog should not appear until a Google account has been chosen. This allows an attacker to potentially access the vulnerable password.
In addition to the previous fixes, the Chrome 111 update includes patches for a pair of out-of-bounds read issues in GPU Video and ANGLE. According to Google's guidelines, no bug bounty reward will be provided for these flaws, as they were identified by researchers from Google Project Zero.
Google did not disclose any instances of these vulnerabilities being exploited in real-world attacks.
The most recent Chrome version is currently being deployed as 111.0.5563.110 for Mac and Linux, and as versions 111.0.5563.110/.111 for Windows.
Italian luxury car manufacturer Ferrari disclosed on Monday that cybercriminals had demanded a ransom for potentially exposed client contact details, following a ransomware attack.
Upon receiving the ransom demand, Ferrari promptly initiated a comprehensive investigation, partnering with a leading international cybersecurity firm. The esteemed car maker also contacted the appropriate authorities, who are expected to conduct a thorough investigation in accordance with the law.
The precise timing of the incident remains undisclosed, but it might be connected to the October 2022 ransomware attack, in which the RansomEXX group alleged stealing and leaking 7 GB of data from Ferrari, a claim the automaker refuted.
In its 20th March statement, Ferrari asserted its policy against acquiescing to ransom demands, as doing so would finance criminal enterprises and perpetuate cyberattacks. Instead, the company prioritised client transparency, notifying customers of the possible data breach and its nature.
Email notifications sent to clients revealed that the compromised data may include names, addresses, email addresses, and phone numbers. However, no evidence of financial information or vehicle ownership details being affected has been discovered.
Given the exclusivity and high price range of Ferrari's automobiles, cybercriminals may find their affluent client contact list particularly appealing for crafting tailored, malicious emails.
Ferrari confirmed that the breach did not impact the company's operational functions and has collaborated with external experts to enhance its system security.
Although Ferrari did not specifically mention RansomEXX in its statement, the ransomware group has been linked to several other high-profile attacks, such as those on global logistics provider Hellmann Worldwide, software and services company Tyler Technologies, and various other organisations.
Following last week’s massive data breach Latitude Financial, an Australian firm, has attributed a the leak of personal information to a supplier's mishap. The company has temporarily ceased operations and customer services as it addresses an attack on its systems.
Last week, the publicly traded company halted share trading and announced that it had detected unusual system activity, indicative of a sophisticated and malicious cyber-attack.
Interestingly, Latitude informed investors that the attack stemmed from a major vendor utilised by the company.
According to Latitude, as a result of the attack on the vendor, credentials of its employees were exposed, which were subsequently used to access two other service providers responsible for tasks like identity verification. The compromised credentials enabled access to over 100,000 identification documents from one provider and more than 225,000 customer records from the other. The accessed data encompassed details from driver's licences, passports, and health insurance cards. In Australia, it is standard practice for financial services companies to secure multiple identification forms before opening accounts; hence, Latitude's possession of such data is not unusual. Customers in New Zealand were also affected.
The breach is the latest in a series of major attacks on Australian companies, following hacks at Optus and Medibank, among others.
German and South Korean intelligence agencies caution against Kimsuky's evolving cyber attack methods, which employ malicious browser add-ons to compromise Gmail accounts.
The warning is jointly issued by Germany's Federal Office for the Protection of the Constitution (BfV) and South Korea's National Intelligence Service of the Republic of Korea (NIS).
The cyber assaults primarily target specialists in Korean Peninsula and North Korea affairs, employing spear-phishing strategies, as reported by the authorities.
Kimsuky, alternatively identified as Black Banshee, Thallium, and Velvet Chollima, is a subunit of North Korea's Reconnaissance General Bureau, focusing on gathering strategic intelligence on events and negotiations impacting North Korea's interests.
Key targets encompass organizations in the U.S. and South Korea, specifically those in the government, military, manufacturing, academia, and think tank sectors.
Mandiant, a threat intelligence company owned by Google, revealed last year that Kimsuky's activities involve gathering financial, personal, and client data, particularly from South Korea's academic, manufacturing, and national security industries.
Recent offensives by the group indicate a broadening of their cyber operations to include Android malware variants such as FastFire, FastSpy, FastViewer, and RambleOn.
Kimsuky's use of Chromium-based browser add-ons for cyber espionage is not unprecedented, as the group has previously employed similar tactics in operations known as Stolen Pencil and SharpTongue.
The revelation emerges as the North Korean advanced persistent threat (APT) group, known as ScarCruft, has been connected to various infiltration techniques used to introduce PowerShell-based backdoors into compromised systems.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Join us in Dublin or London for the Security First 2022 conference. We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.